[Help] Which kind of assembly do antivirus experts study?
A few years later, the OP will be eating grass...

[Original] Posting an inline Hook project
If you don't use it, and what gets passed in happens to be some data, it crashes. Anyway, I have run into that...

[Original] Posting an inline Hook project
Starting signature matching without even bundling a disassembly engine, you'll bluescreen yourself to death~~~

How can I make a picture exactly like the one on the left
Just make one yourself with VC~~~

[Original] Antirootkit: CodeWalker
Strongly agree; make it for your own use. How nice~~~

[Original] Posting a small tool: a network firewall!
Catching JJ's sock-puppet account.

[Original] Posting a small tool: a network firewall!
Bump for the new work by the great zjjMJ~~~

[Original] Posting a small tool, an experimental product
Got a bit of a shock...

[Original] Antirootkit: CodeWalker
You want to PM, but that exceeds your authority. Good luck; Chinese is always hard for foreigners to learn...

[Original] Antirootkit: CodeWalker
But the result on my computer is that your PROC CAN NOT DETECT my call hook. That is all. Your technique for DEEP SCAN is nice; it is really stronger than the other current ARKs. AND I had made ONE DEMO too, almost like yours~~

[Original] Antirootkit: CodeWalker
I know what you mentioned: you scan AN API, and when your DASM ENGINE finds an E8 CALL / FF 15 CALL, your engine follows it in; this is called "deep scan", AND I have used this little trick for a long time. BUT you may forget that your call hook in MmLoadSystemImage is:
My call HOOK is like this:
That is the difference, because your ENGINE follows in each CALL xxxx, and if xxxx's address is in ntoskrnl.exe, you take it for granted that it is a normal call, not a virus modification. AND my scan ENGINE CAN deeply carry out...
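The "deep scan" walk discussed in the post above, as an added example that is not part of the original thread, of CodeWalker, or of either poster's demo: a toy x86 call-follower in C over a constructed ntoskrnl-like byte image (the 64-byte layout, the 0x80400000 base and the 0xF8801000 "rootkit" address are all assumptions made for the example). It decodes E8 rel32 and FF 15 disp32 calls, recurses into every target that stays inside the module, and flags only targets that leave it. The run_case() scenarios show that a call redirected to a different address inside the same module passes that range check; the second check, which compares the sequence of resolved targets against a clean reference copy of the routine, goes beyond what the post describes and does catch it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy model of a mapped ntoskrnl.exe (assumed base and layout,
 * not real kernel bytes): a 64-byte image plus its load address. */
#define NTOS_BASE   0x80400000u
#define IMG_SIZE    0x40u
#define MAX_TARGETS 32
#define ROOTKIT_VA  0xF8801000u   /* hypothetical address inside a third-party driver */

typedef struct { uint8_t bytes[IMG_SIZE]; uint32_t base; } image_t;

static int in_image(const image_t *img, uint32_t va) {
    return va >= img->base && va < img->base + IMG_SIZE;
}
static uint32_t rd32(const image_t *img, uint32_t va) {        /* bounds-checked read */
    uint32_t v;
    if (va < img->base || va - img->base + 4 > IMG_SIZE) return 0;
    memcpy(&v, &img->bytes[va - img->base], 4);
    return v;
}
static void wr32(image_t *img, uint32_t va, uint32_t v) {       /* callers stay in range */
    memcpy(&img->bytes[va - img->base], &v, 4);
}
/* Emit "E8 rel32" at va calling target (rel32 = target - next_ip, mod 2^32). */
static void emit_call_rel(image_t *img, uint32_t va, uint32_t target) {
    img->bytes[va - img->base] = 0xE8;
    wr32(img, va + 1, target - (va + 5));
}
/* Emit "FF 15 disp32" at va calling through the 32-bit pointer stored at slot. */
static void emit_call_ind(image_t *img, uint32_t va, uint32_t slot) {
    img->bytes[va - img->base] = 0xFF;
    img->bytes[va - img->base + 1] = 0x15;
    wr32(img, va + 2, slot);
}
/* Clean layout: A(+0x00) calls C(+0x20); B(+0x06) calls [slot +0x30] -> D(+0x28);
 * C calls D; every other byte is RET (C3). */
static void build_clean(image_t *img) {
    memset(img->bytes, 0xC3, IMG_SIZE);
    img->base = NTOS_BASE;
    emit_call_rel(img, NTOS_BASE + 0x00, NTOS_BASE + 0x20);
    emit_call_ind(img, NTOS_BASE + 0x06, NTOS_BASE + 0x30);
    emit_call_rel(img, NTOS_BASE + 0x20, NTOS_BASE + 0x28);
    wr32(img, NTOS_BASE + 0x30, NTOS_BASE + 0x28);
}

/* The "deep scan" walk: decode from va, record the resolved target of every
 * E8 / FF 15 call, and recurse into targets that stay inside the image.
 * Only RET, NOP and the two CALL forms are decoded; anything else stops the walk. */
static void collect_calls(const image_t *img, uint32_t va, int depth,
                          uint32_t *out, int *n) {
    if (depth > 8) return;                               /* recursion guard */
    while (in_image(img, va) && *n < MAX_TARGETS) {
        uint32_t off = va - img->base, target;
        uint8_t op = img->bytes[off];
        if (op == 0xC3) break;                           /* ret */
        if (op == 0x90) { va += 1; continue; }           /* nop */
        if (op == 0xE8) {                                /* call rel32 */
            target = va + 5 + rd32(img, va + 1);
            va += 5;
        } else if (op == 0xFF && off + 1 < IMG_SIZE && img->bytes[off + 1] == 0x15) {
            uint32_t slot = rd32(img, va + 2);           /* call [disp32] */
            target = in_image(img, slot) ? rd32(img, slot) : 0; /* 0 = unresolvable */
            va += 6;
        } else break;
        out[(*n)++] = target;
        if (in_image(img, target)) collect_calls(img, target, depth + 1, out, n);
    }
}
/* Range check only: how many reached calls leave ntoskrnl? */
static int count_external(const image_t *img, uint32_t va) {
    uint32_t t[MAX_TARGETS]; int n = 0, bad = 0, i;
    collect_calls(img, va, 0, t, &n);
    for (i = 0; i < n; i++) if (!in_image(img, t[i])) bad++;
    return bad;
}
/* Reference check: the same walk over memory and over a clean copy (e.g. the
 * image re-mapped from disk); 1 if the sequence of resolved targets differs. */
static int calls_redirected(const image_t *mem, const image_t *ref, uint32_t va) {
    uint32_t tm[MAX_TARGETS], tr[MAX_TARGETS]; int nm = 0, nr = 0;
    collect_calls(mem, va, 0, tm, &nm);
    collect_calls(ref, va, 0, tr, &nr);
    return nm != nr || memcmp(tm, tr, (size_t)nm * sizeof(uint32_t)) != 0;
}

typedef struct { int range_check; int reference_check; } verdict_t;

/* Constructed scenarios: 0 untouched; 1 A's E8 redirected to D, still inside
 * ntoskrnl; 2 A's E8 redirected to ROOTKIT_VA; 3 B's pointer slot overwritten
 * with ROOTKIT_VA (a call [slot] hook), scanned from B. */
static verdict_t run_case(int which) {
    image_t mem, ref; verdict_t v; uint32_t start = NTOS_BASE;
    build_clean(&ref);
    mem = ref;
    if (which == 1) emit_call_rel(&mem, NTOS_BASE + 0x00, NTOS_BASE + 0x28);
    if (which == 2) emit_call_rel(&mem, NTOS_BASE + 0x00, ROOTKIT_VA);
    if (which == 3) { wr32(&mem, NTOS_BASE + 0x30, ROOTKIT_VA); start = NTOS_BASE + 0x06; }
    v.range_check = count_external(&mem, start);
    v.reference_check = calls_redirected(&mem, &ref, start);
    return v;
}

int main(void) {
    int i;
    for (i = 0; i < 4; i++) {
        verdict_t v = run_case(i);
        printf("case %d: external targets=%d, redirected=%d\n", i, v.range_check, v.reference_check);
    }
    return 0;
}
```

Case 1 is the point of the post: the range check reports zero external targets because the new target is still an ntoskrnl address, while the reference comparison sees that A now reaches D directly instead of through C. Cases 2 and 3 are the hooks a plain "is the target inside the module" rule does catch.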

[Original] Antirootkit: CodeWalker
I tested your program on VMware, and I forgot to set the computer's dump mode to "Minidump", so there aren't any dumps. But your hook for KiFastCallEntry causes the SYSTEM to crash...